首页 新闻 会员 周边 捐助

怎么理解“SSL是被设计用作点对点通讯的,而不是端对端通讯的”,谢谢

0
悬赏园豆:15 [已解决问题] 解决于 2017-08-02 22:25

请看这篇文章:http://www.javaworld.com/article/2074474/soa/yes--you-can-secure-your-web-services-documents--part-1.html

他讲了一个end和end中间会有很多中间人,原话是“all sorts of devices, PCs, proxies, demilitarized zones, gateways, and who knows what else”。

现在很多网站都是https访问的,这些服务器和浏览器之间不会有中间人吗?也没有什么问题呀。迷惑。

 ssl是不能用在端对端呢还是说不适合用在端对端?谢谢。

会长的主页 会长 | 专家六级 | 园豆:12461
提问于:2017-08-02 19:54
< >
分享
最佳答案
0

SSL(TLS)是传输层安全协议,如果是来自上层(比如应用层)的攻击,SSL直接被无视。

比如虽然用了https,如果你的电脑中了木马,你的浏览器被安装了恶意插件,木马或恶意插件可以在加密传输的信息被你的电脑解密后进行攻击。

收获园豆:15
dudu | 高人七级 |园豆:31030 | 2017-08-02 21:46

园长大人,那我应该可以这样理解:点对点关注点在传输层,端对端关注点在应用层。我还有个疑问:https方式访问服务器理论上只要证书和ca机构不出问题就是安全的,为什么又发展出了ws-security规范,前者哪些缺陷是必须用后者才能弥补的呢?谢谢,祝晚安

会长 | 园豆:12461 (专家六级) | 2017-08-02 22:50

我应该是有些概念和知识不牢固。抽时间自己先学学吧,希望一年后我可以来回答自己提出的问题

会长 | 园豆:12461 (专家六级) | 2017-08-02 22:59

昨天花高价买的电子书上是这样说的:

Now, that's not to say that Web services can't be secured without WS-Security. A number of companies have deployed secure Web service using SSL. But the capabilites and extensibility of these Web services are very limited when relying on the transport level to enforce security. SSL provided point-to-point security rather than end-to-end-to-en security. As Web service deployments get more sophisticated, IT organizations will start to deploy intermediary nodes between consumer and service to perform functions, such as monitoring, auditing, content-based routing, version mismatch resolution, reliability, and orchestration. SSL-based protection can't provide a seamless security infrastructure for these multi-hop requirements. Beside, SSL imposes a heavy burden on IT developers to implement a security management framework that maps transport-level authentication mechanisms to the back-end applications' authentication and authorization systems.

 

不能复制,纯手打。他说的那些multi-hop的例子感受并不很深,还是经历的东西太少,太浅。

会长 | 园豆:12461 (专家六级) | 2017-08-03 10:06
其他回答(1)
0

https://rdist.root.org/2010/06/28/ssl-gives-point-to-point-not-end-to-end-security/

会长 | 园豆:12461 (专家六级) | 2017-08-02 20:04
清除回答草稿
   您需要登录以后才能回答,未注册用户请先注册